Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0037929
TypeCategorySeverityReproducibilityDate SubmittedLast Update
backport[Openbravo ERP] A. Platformminorhave not tried2018-02-15 12:042018-02-20 13:21
ReporteralostaleView Statuspublic 
Assigned Toalostale 
PriorityimmediateResolutionfixedFixed in Version3.0PR18Q1
StatusclosedFix in branchFixed in SCM revision4306e87ae836
ProjectionnoneETAnoneTarget Version3.0PR18Q1
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned Tocaristu
Web browser
ModulesCore
Regression levelProduction - Confirmed Stable
Regression date2016-05-02
Regression introduced in release3.0PR17Q3
Regression introduced by commithttp://code.openbravo.com/erp/pmods/org.openbravo.mobile.core/rev/0bd874e354593cfb98d714cf2e0dd54e4864295b [^]
Triggers an Emergency PackNo
Summary

0037929: sys admin sessions created after reaching CU limit are not automatically kicked out

DescriptionAfter concurrent users limit is reached, only users with System Admin role are allowed to log in the application.

When this limit is reached, before rejecting new logins, it is checked if there are logged in session that were inactive for the last 2 minutes and if so they are kicked out so log in is accepted.

System Admin sessions created in this situation are not automatically kicked out, so they only get deactivated releasing its CU after manual log out or after Tomcat timeout. They should be kicked out also if they were inactive for 2 minutes.
Steps To ReproduceIn an instance activated with 1 CU limit:

1. Log in with Openbravo user (session 1)
2. In another browser log in with Openbravo user (session 2)
   -> Warn about CU limit reached is displayed, but log in is allowed with only access to System Admin role
3. Without logging out, close browsers with session 1 and 2
4. Wait 3 minutes
5. Log in with a user that has NO access to System Admin
   -> ERROR: Login is rejected
      EXPECTED: Login should be allowed because sessions 1 and 2 should have been kicked out because they were inactive for more than 2 minutes
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
blocks defect 0037928 closedalostale sys admin sessions created after reaching CU limit are not automatically kicked out 

-  Notes
(0102436)
hgbot (developer)
2018-02-15 13:04

 Repository: erp/backports/3.0PR18Q1
Changeset: 4306e87ae836caaf0fd36216986dae3c960d727a
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Thu Feb 15 13:01:08 2018 +0100
URL: http://code.openbravo.com/erp/backports/3.0PR18Q1/rev/4306e87ae836caaf0fd36216986dae3c960d727a [^]

fixed bug 37929: sys admin CUR sessions are not automatically kicked out

  System Admin CUR session (created when CU limit is reached), consume CU but
  were not kicked out after inactivity period before rejecting other logins.

  Fixed by including CUR sessions in the ones that are automatically always
  killed if no ping is detected for 2 minutes.

---
M src/org/openbravo/erpCommon/ad_process/HeartbeatProcess.java
M src/org/openbravo/erpCommon/obps/ActivationKey.java
---
(0102526)
caristu (developer)
2018-02-20 13:21

 Reviewed

- Issue History
Date Modified Username Field Change
2018-02-15 12:11 alostale Type defect => backport
2018-02-15 12:11 alostale Target Version => 3.0PR18Q1
2018-02-15 13:04 hgbot Checkin
2018-02-15 13:04 hgbot Note Added: 0102436
2018-02-15 13:04 hgbot Status scheduled => resolved
2018-02-15 13:04 hgbot Resolution open => fixed
2018-02-15 13:04 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/backports/3.0PR18Q1/rev/4306e87ae836caaf0fd36216986dae3c960d727a [^]
2018-02-20 13:21 caristu Review Assigned To AugustoMauch => caristu
2018-02-20 13:21 caristu Note Added: 0102526
2018-02-20 13:21 caristu Status resolved => closed
2018-02-20 13:21 caristu Fixed in Version => 3.0PR18Q1

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker